Enable SNMP

To monitor the health of the Nozomi Networks Operating System (N2OS) sensor, you need to enable the simple network management protocol (SNMP) daemon.

About this task

The current simple network management protocol (SNMP) daemon supports versions v1, v2c and v3. This feature is not available with a container installation.

Procedure

  1. Log into the console, either directly or through secure shell (SSH).
  2. To go to privileged mode, enter this command: 
    enable-me
    You can now perform system changes.
  3. Edit these variables as necessary:
    • location
    • contact
    • community
    Important:
    For community, it is important to use a strong password.
  4. Change the value of other variables as necessary.
    Note:
    For SNMP v3 User-Based Security Model (USM), uncomment the following sections in /etc/snmpd.conf to create a user bsnmp and set privacy and encryption options to SHA message digests and AES encryption for this user:
    engine := 0x80:0x10:0x08:0x10:0x80:0x25
snmpEngineID = $(engine)
    user1 := "bsnmp"
user1passwd :=
 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16: ... :0x05:0x16:0x33:0x38:0x60
    begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"
    %usm
    usmUserStatus.$(engine).$(user1) = 5
usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
usmUserStatus.$(engine).$(user1) = 1
  5. Edit the /etc/rc.conf file with this line: 
    bsnmpd_enable="YES"
  6. To start the service, enter this command: 
    service bsnmpd start
  7. If you enabled the User-Based Security Model (USM) in step 3, replace the default value for the user1passwd variable.
    1. To convert the SHA or MD5 output to exe format, enter this command: 
      sh -c "SNMPUSER=bsnmp SNMPPASSWD=<newpassword> SNMPAUTH=<sha|md5> SNMPPRIV=<aes|des> bsnmpget -v 3 -D -K -o verbose"
echo <SHA output> | sed 's/.\{2\}/:0x&/g;s/^.\{6\}//g'
    2. To restart the service, enter the command: 
      service bsnmpd restart
  8. To save all of the settings, enter this command: 
    n2os-save
  9. To check the functionality, run a test command from an external system (the <sensor_ip> has to be reachable). For example, for the USM case, with the default values in the /etc/snmpd.conf file, use a command similar to this: 
    snmpstatus -v3 -u bsnmp -a SHA -A <password> -x AES -X <password> -l
 authPriv <sensor_ip>

Results

SNMP has been enabled.